DETAILED ACTION

1. The Amendment, and remarks therein, received on 7/11/05 have been entered and
carefully considered.

2. The Amendment introduces new limitations into claims 1-16, 20, 22, 25-26 and 30
and cancels claim 21.

The newly introduced limitations have required a new search and consideration of 
the pending claims. The new search has resulted in newly discovered prior art. 
New grounds of rejection based on the newly discovered prior art follow below. 

3. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Response to Amendment 

4. Applicant canceled claim 21 and amended claim language of claims 1, 16, 22 and 
26. 

5. Applicant's arguments have been carefully considered but they were not found 
persuasive. 

6. Applicant amended claims 5, 6-7 and clarified the limitation of claims 13, 14, 15, 18 
and 23, 25. 

7. As a result the Objection and all of the Rejections (35 USC § 101, § 112) cited in the
previous Office Action are withdrawn.

8. Applicant traverses the Official Notices that were taken in the previous Office Action. 

9. In particular applicant requests a reference in support that it is well known to "register
objects with the class factory and with the data store".

10. This is well known in the art. For example, the examiner points to Burroughs et al.
(U.S. Patent No. 5878411), wherein the inventors first disclose fundamentals of
Object Oriented Programming. Burroughs et al. recite:

"A fundamental concept in OOP is the class. A class is a template or prototype that 
defines a type of object. A programmer may define a class by writing a section of 
code known as a class definition. An object is an instance of a class. An object is 
created or instantiated at run-time, i.e., when the computer executes a statement in 
the program calling for the instantiation of an object of a specified class. An object 
may include attributes or data as well as functions or methods. The class definition 
specifies the attributes and methods. The attributes are represented in an object by 
the values of instance variables" (Burroughs et al., col. 5 lines 15-25). 

11. Another example is provided by Kumar et al. (U.S. Patent No. 6343287) whose
invention involves

"a mechanism, method, and computer program product for linking a profile service 
instance to a plurality of external data stores. External data store profile that "is 
created in the profile service that names the connector class. An external data store 
reference object is created in the profile service instance that identifies the external 
data store profile and a number of parameters that specify particular data desired 
from the external data store. A profile within the profile service instance includes an 
attribute that names the data store reference object. When the attribute is evaluated, 
the data store reference object is instantiated, optionally using parameters specified 
at runtime, and passed as a parameter to an instance of the data store connector
class identified by the external data store profile" (Kumar et al., col. 5 lines 10-32). 

12. In light of the above references it was well known to one of ordinary skill in the art at 
the time of applicant's invention to register objects with the class factory and with the 
data store. One of ordinary skill in art at the time of applicant's invention would have 
employed registering authentication objects with the class factory and with the data 
store in order for the object to be known and utilized by the system. 

13. Also, applicant's request to provide references reading on the fact that it is old and 
well known to "use applications that do not have to be recoded or recompiled in 
order to employ the newly registered object" is acknowledged. 

14. The examiner points to Microsoft Press computer dictionary (Microsoft Press,
"Computer Dictionary", 3rd edition, ISBN: 157231446X, 1997) that discloses
dynamic-link library:

"A feature of the Microsoft Windows family of operating systems and OS/2 that 
allows executable routines to be stored separately as files with DLL extensions and 
to be loaded only when needed by a program. A dynamic-link library has several 
advantages.... Second, because a dynamic-link library is a separate file, a 
programmer can make corrections or improvements to only that module without 
affecting the operation of the calling program or any other dynamic-link library" 
(Microsoft Press, pg. 166) and to the New Rider's "Windows 98 Professional 
Reference" reference (http://cma.zdnet.com/book/win98prfref/ch1 ' 5Zch15.htm), that 
discusses the importance of registering dynamic link libraries even in Windows 9x
environment (New Rider, "Understanding HKEY_CLASSES_ROOT" section).

15. In light of the above references it was well known to one of ordinary skill in the art at
the time of applicant's invention to use applications that do not have to be recoded 
or recompiled in order to employ the newly registered object. One of ordinary skill in 
art at the time of applicant's invention would have written an application so that the 
application does not have to be recoded or recompiled to employ the newly 
registered authentication object in order not to slow down the application's 
execution. 

16. It will be appreciated by one of ordinary skill in the art that the New Rider's reference
is relevant to other Object Oriented Programming concepts that are relevant to
applicant's invention (e.g. "What are objects, classes and instances?").

17. The remaining arguments by applicant are directed towards the newly introduced 
limitations and they are addressed (using newly discovered prior art) in this Office 
Action, below. 



18. Claims 1-20, 22-26 and 30 have been examined. 

Claim Rejections - 35 USC § 112 

19. Claims 1-20 and 22-26 are newly rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter that applicant regards as the invention. 

20. The term: "the secondary data" in claims 1, 16, 22, 26 and 30 lacks antecedent basis
and is not clear.

21. Claims 2-15, 17-20, 23-25 and 30 are rejected by virtue of their dependence.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

22. Claims 1-26 and 30 are newly rejected under 35 U.S.C. 103(a) as being
unpatentable over Hadfield et al. (Lee Hadfield, Dave Hater, Dave Bixler, "Windows
NT Server 4 Security Handbook", 1997, ISBN: 078971213) in view of Lloyd et al.
(U.S. Patent No. 6219790) and further in view of Kaeo (Merike Kaeo, "Designing
network security", 1999, ISBN: 1578700434).

23. As per claim 1 Hadfield et al. teach components that make up the Windows NT 
security, and that comprise a Local Security Authority that is the main component 
responsible for log-on activities (Hadfield et al., "Windows NT Security System 
Operation", pg. 79). 

24. Hadfield et al. teach that during authentication procedures the authentication data is 
received by the Local Security Authority that calls an Authentication Package, which 
supports Net Logon Service and carries out the authentication (Hadfield et al., pg. 81 
and "The Authentication Process", pg. 169). 

25. This reads on "an authentication manager that receives first data associated with the 
communication and appropriate for a first authentication module". 

26. Hadfield et al. further teach that the Authentication Package verifies the received
authentication data and returns the result to the Local Security Authority.

27. This reads on: "at least one authentication module that receives the at least one 
secondary data from the authentication manager and produces third data related to 
responding to the authentication challenge". 

28. Hadfield et al. do not teach that the authentication manager further processes the 
first data into second data of a second type appropriate for a second authentication 
module. 

29. However, Hadfield et al. teach that the authentication package that is used by 
custom is written if necessary and Lloyd et al. teach support for multiple 
authentication protocols (Lloyd et al., Abstract and Fig. 2). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention to 
provide additional modules supporting other authentication schemes into Hadfield
et al.'s invention. One of ordinary skill in the art would have been motivated to
perform such a modification in order to authenticate clients using various native 
authentication protocols. 

30. Providing additional authentication modules would allow clients with other than 
standard Windows NT authentication protocols to communicate with the Local 
Security Authority which would result in the Local Security Authority (authentication 
manager) processing the first data into second data of a second type appropriate for 
a second authentication module. 

31. Also, NTLM and Kerberos (for example) are two vastly different protocols and it
would have been implicit to have different requirements for secondary data for the 
first and second authentication modules. 

32. Hadfield et al. and Lloyd et al. teach authentication modules that cooperate with the 
authentication manager that receives the first data associated with authentication 
communication as discussed above. 

33. Hadfield et al. and Lloyd et al. do not teach that the first data is associated with the 
communication challenge. 

34. Kaeo teaches the challenge response which enhances the authentication process
(Kaeo, "PPP Challenge-Handshake Authentication Protocol", pg. 45-48).

35. It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to enhance the authentication process as taught by Hadfield et al. by 
accommodating the challenge-response as taught by Kaeo. One of ordinary skill in 
the art would have been motivated to perform such a modification in order to provide 
protection against playback attacks. 

36. Accommodating the challenge-response in Hadfield et al.'s authentication process
would result in the authentication manager receiving the first data associated with 
the communication challenge. 

37. Claims 16 and 30 are substantially equivalent to claim 1; therefore claims 16 and 30
are similarly rejected.

38. As per claim 30 the examiner reminds applicant that the preamble does not carry
patentable weight. However, even if the preamble was limiting, network resources
by a URI is old and well-known in the art (e.g. Microsoft IIS that is implemented on
Microsoft Server, Hadfield et al. pg. 344, etc.), especially where Internet connection
(e.g. Lloyd et al., Fig. 1) is implemented.

Application/Control Number: 09/818,358

Art Unit: 2134

39. As per claim 3 the authentication challenge as taught by Kaeo is a multipart 
authentication challenge. 

40. As per claim 4 Kaeo teaches deriving a hash (third data) from the second data
(challenge response, pg. 46-47, Fig. 2-11, step 3). 

41. As per claims 13-14 Hadfield et al., Lloyd et al. and Kaeo teach authentication in a 
distributed computing environment accommodating various authentication protocols, 
e.g. Kerberos (e.g. Lloyd et al. Fig. 2). 

42. Furthermore, Hadfield et al. teach a domain that comprises Windows NT and teach 
that there are more than one Windows NT in a domain environment that provides 
authentication (PDC, BDC, Hadfield et al., pg. 93). 

43. As per claims 2 and 17 Hadfield et al., Lloyd et al. and Kaeo do not explicitly teach a
cache adapted to store data (e.g. one or more third data related to responding to the 
authentication challenge). 

44. However, the examiner points out that caching data is old and well-known in the art 
(Van Hoff, col. 1 lines 52-55, DNS, URL, proxy etc. caching or even utilization of
cache memory). One of ordinary skill in the art at the time of applicant's invention 
would have been motivated to utilize cache in Hadfield et al., Lloyd et al. and Kaeo's 
invention for motivation of faster response. 

45. Claim 6 essentially refers to a pre-step of a previously discussed method, wherein
instead of receiving, processing and responding to data associated with the
communication challenge the test is conducted wherein a test data received by the
authentication manager triggers "pre-authentication procedures" that are essentially
the same as the authentication procedures. Although none of the above cited
references discuss test procedures, conducting tests prior to implementation of a
system is an old and well-known practice and gives the benefit of addressing and
avoiding potential problems prior to the system's live implementation.

46. The limitations of claim 7 are implicit. Not only use of services by modules is old and 
well-known practice (e.g. any of the Microsoft products) but also modules are not 
isolated from the modular computing systems. At the very least modules such as 
authentication modules would require at least some of the basic executive services 
as shown in Fig. 3.4 (Hadfield et al., pg. 76).

47. As per claims 8, 15 it is implicit that some of the clients that use the authentication
challenge as taught by Hadfield et al., Lloyd et al. and Kaeo are Windows 98, NT
2000 (etc.). Windows Operating Systems products are written in object oriented 
programming language and inherently have a class factory (Dynamic Link Libraries: 
DLL) and objects. 

48. Hadfield et al., Lloyd et al. and Kaeo do not explicitly teach authentication objects 
callable by the authentication manager and configuration table. 

However, authentication objects callable by the authentication manager as well as 
configuration table is well known in art as illustrated by Itoi et al. (Itoi et al., section 2 
and 4, Fig. 4.2). It would have been obvious to one of ordinary skill in the art at the
time of applicant's invention to implement authentication objects callable by the 
authentication manager into Kessler's invention. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to provide a more 
efficient programmable environment. 

49. As per claims 19 and 24 Itoi et al. show several created authentication modules (Fig. 
4.2). Registering one or more authentication modules after the receipt of one or 
more authentication challenges would be implicit since in order to register the 
appropriate authentication module the authentication protocol used must be known. 

50. Hadfield et al., Lloyd et al. and Kaeo do not explicitly teach a registrar adapted to 
register an authentication object with the class factory and with the data store. 
Official Notice is taken that it is old and well-known practice to use a registrar adapted to
register an authentication object with the class factory and with the data store (see 
Burroughs et al. and Kumar et al., Response to Amendment, above). One of 
ordinary skill in the art at the time of applicant's invention would have employed 
registering authentication objects with the class factory and with the data store in 
Hadfield et al., Lloyd et al. and Kaeo's invention in order for the object to be known 
and utilized by the system. 

51. Hadfield et al., Lloyd et al. and Kaeo also do not explicitly teach that the application
does not have to be recoded or recompiled to employ the newly registered
authentication object.

Official Notice is taken that it is old and well-known that applications do not have to
be recoded or recompiled in order to employ the newly registered object (see 
Microsoft Press and New Rider, Response to Amendment, above). One of ordinary 
skill in art at the time of applicant's invention would write an application so that the 
application does not have to be recoded or recompiled to employ the newly 
registered authentication object in order not to slow down the application's 
execution. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 
706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 
1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.
The examiner can normally be reached Monday through Thursday from 9:00
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571) 272-3838. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at (866) 217-9197 (toll-free). 




